CVE-2026-37536
Published: 01 May 2026
Summary
CVE-2026-37536 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210). Its exploit-likelihood ranking sits at the 5.3 percentile (well below the median), and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) [AI]
- SI-10 (Information Input Validation): requires that the full frame length, 1 + pid_length + payload_length, be checked against MAX_DIAGNOSTIC_PAYLOAD_SIZE before the memcpy in send_diagnostic_request, which directly prevents the stack buffer overflow. Checking payload_length alone against MAX_UDS_REQUEST_PAYLOAD_LENGTH is not enough, because the write offset also depends on pid_length.
- Flaw remediation: mandates identification, reporting, and remediation of the specific buffer overflow in the miaofng/uds-c library at the vulnerable commit.
- SI-16 (Memory Protection): stack canaries, ASLR, and a non-executable stack raise the cost of turning the overflow into code execution. They do not stop the out-of-bounds write itself, and a canary-triggered abort is still a denial of service.
MITRE ATT&CK Enterprise Techniques [AI]
Why these techniques?
The stack buffer overflow in send_diagnostic_request (no bounds check on payload_length before the memcpy) is reachable by an attacker with adjacent network access (AV:A) and can yield remote code execution or denial of service, which maps directly to Exploitation of Remote Services (T1210).
NVD Description
miaofng/uds-c commit e506334e270d77b20c0bc259ac6c7d8c9b702b7a (2016-10-05) contains a stack buffer overflow in send_diagnostic_request. A 6-byte stack buffer (MAX_DIAGNOSTIC_PAYLOAD_SIZE=6) receives memcpy at offset 1+pid_length with payload_length bytes. MAX_UDS_REQUEST_PAYLOAD_LENGTH=7, so 1+2+7=10 exceeds buffer by 4 bytes. No bounds check on payload_length before memcpy.
Deeper analysis [AI]
CVE-2026-37536 is a stack buffer overflow vulnerability in the miaofng/uds-c library, specifically at commit e506334e270d77b20c0bc259ac6c7d8c9b702b7a dated 2016-10-05. The issue occurs in the send_diagnostic_request function, where a 6-byte stack buffer sized by MAX_DIAGNOSTIC_PAYLOAD_SIZE=6 receives data via memcpy starting at an offset of 1 + pid_length and extending for payload_length bytes. Since MAX_UDS_REQUEST_PAYLOAD_LENGTH=7, a request with a 2-byte PID and a 7-byte payload writes 10 bytes (1 + 2 + 7), overflowing the buffer by 4 bytes, because there is no bounds check on payload_length (or on the combined frame length) prior to the memcpy. The vulnerability is classified under CWE-121 (Stack-based Buffer Overflow) with a CVSS v3.1 base score of 8.8.
An attacker with adjacent network access (AV:A) can exploit this vulnerability with low attack complexity (AC:L), requiring no privileges (PR:N) or user interaction (UI:N), and without changing the scope (S:U). Successful exploitation could lead to high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), potentially enabling arbitrary code execution, data corruption, or denial of service through the stack overflow.
References for CVE-2026-37536 include a GitHub Gist detailing the vulnerability, the affected miaofng/uds-c repository, and a related openxc/uds-c repository. No specific patches or mitigation steps are outlined in the CVE description, though practitioners should review the repositories for any upstream fixes or updated commits beyond the vulnerable e506334e270d77b20c0bc259ac6c7d8c9b702b7a.
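The following C program is an added illustration written for this page; it is not the uds-c source and not code from the advisory or the referenced repositories. It reproduces the arithmetic the NVD description gives (a one-byte mode, then pid_length PID bytes, then payload_length payload bytes copied into a MAX_DIAGNOSTIC_PAYLOAD_SIZE-byte stack buffer) in the vulnerable shape described for send_diagnostic_request, and beside it the whole-frame bounds check that the SI-10 control calls for. The struct layout, MAX_PID_LENGTH=2, the sample requests, and every function name other than the page's own identifiers are assumptions chosen to mirror the description.

```c
/*
 * Added illustrative model of the CVE-2026-37536 overflow. NOT the uds-c
 * source: the struct layout, MAX_PID_LENGTH, the sample requests and the
 * function names are assumptions that mirror the NVD description (mode byte,
 * then PID bytes, then payload bytes, into a 6-byte stack buffer).
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_DIAGNOSTIC_PAYLOAD_SIZE    6   /* from the advisory */
#define MAX_UDS_REQUEST_PAYLOAD_LENGTH 7   /* from the advisory */
#define MAX_PID_LENGTH                 2   /* assumption: matches the 1+2+7 arithmetic */

struct diag_request {                      /* assumed request shape */
    uint8_t mode;
    uint8_t pid[MAX_PID_LENGTH];
    uint8_t pid_length;
    uint8_t payload[MAX_UDS_REQUEST_PAYLOAD_LENGTH];
    uint8_t payload_length;
};

/* Bytes the frame occupies: 1 mode byte + PID bytes + payload bytes. */
size_t diag_frame_len(uint8_t pid_length, uint8_t payload_length) {
    return 1u + (size_t)pid_length + (size_t)payload_length;
}

/* The SI-10 check: does the whole frame fit the stack buffer? Note that a
 * payload_length <= MAX_UDS_REQUEST_PAYLOAD_LENGTH check alone passes the
 * 2-byte-PID, 7-byte-payload case that overflows by 4 bytes. */
int request_fits(uint8_t pid_length, uint8_t payload_length) {
    return pid_length <= MAX_PID_LENGTH &&
           payload_length <= MAX_UDS_REQUEST_PAYLOAD_LENGTH &&
           diag_frame_len(pid_length, payload_length) <= MAX_DIAGNOSTIC_PAYLOAD_SIZE;
}

/* Vulnerable pattern as the advisory describes it: payload_length bytes are
 * copied at offset 1 + pid_length with no check. With pid_length=2 and
 * payload_length=7 that is 10 bytes into a 6-byte buffer (4 past the end).
 * Shown for comparison only; never call it with a request that does not fit. */
void send_frame_unchecked(const struct diag_request *req) {
    uint8_t buf[MAX_DIAGNOSTIC_PAYLOAD_SIZE];
    buf[0] = req->mode;
    memcpy(&buf[1], req->pid, req->pid_length);
    memcpy(&buf[1 + req->pid_length], req->payload, req->payload_length); /* overflow here */
    /* ... the frame would be handed to the transport layer here ... */
    (void)buf;
}

/* Hardened form: reject the request before any copy. Returns the frame length
 * on success, or -1 when it cannot fit in the stack buffer or in out. */
int build_frame_checked(const struct diag_request *req, uint8_t *out, size_t out_len) {
    if (!request_fits(req->pid_length, req->payload_length))
        return -1;
    size_t n = diag_frame_len(req->pid_length, req->payload_length);
    if (n > out_len)
        return -1;
    uint8_t buf[MAX_DIAGNOSTIC_PAYLOAD_SIZE];
    buf[0] = req->mode;
    memcpy(&buf[1], req->pid, req->pid_length);
    memcpy(&buf[1 + req->pid_length], req->payload, req->payload_length);
    memcpy(out, buf, n);
    return (int)n;
}

/* Constructed sample requests (not captured traffic). */
const struct diag_request sample_overflow = {
    .mode = 0x22, .pid = {0xF1, 0x90}, .pid_length = 2,
    .payload = {1, 2, 3, 4, 5, 6, 7}, .payload_length = 7 };   /* 1+2+7 = 10 > 6 */
const struct diag_request sample_ok = {
    .mode = 0x22, .pid = {0xF1, 0x90}, .pid_length = 2,
    .payload = {1, 2, 3}, .payload_length = 3 };               /* 1+2+3 = 6 fits */

uint8_t frame_out[MAX_DIAGNOSTIC_PAYLOAD_SIZE];                /* output for the demo */

int main(void) {
    int n = build_frame_checked(&sample_overflow, frame_out, sizeof frame_out);
    printf("2-byte PID + 7-byte payload (10 bytes): %s\n", n < 0 ? "rejected" : "accepted");
    n = build_frame_checked(&sample_ok, frame_out, sizeof frame_out);
    printf("2-byte PID + 3-byte payload: %d-byte frame:", n);
    for (int i = 0; i < n; i++) printf(" %02X", frame_out[i]);
    printf("\n");
    return 0;
}
```

The check has to be on the sum: the offset 1 + pid_length already consumes up to three of the six bytes, so a payload that is legal by MAX_UDS_REQUEST_PAYLOAD_LENGTH can still overrun the buffer. Anything above that bound (pid_length=2 with payload_length of 4 or more) is refused before any byte is written, which is what SI-10 asks of send_diagnostic_request.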
Details
- CWE(s)